Military Review English Edition March-April 2016 - Page 81

CYBERSECURITY (Photo by Staff Sgt. Ryan Whitney, 1st Special Operations Wing Public Affairs) Members of the Ukraine military monitor and maintain network access during Combined Endeavor 2011 in Grafenwoehr, Germany, 19 September 2011. Combined Endeavor, an annual exercise involving nearly forty NATO, Partnership for Peace, and strategic security partners, is designed to increase interoperability and enhance communications processes between the participating nations. left over seven hundred thousand Ukrainians without electricity.44 Ukraine’s experience demonstrates cybersecurity’s relevance to stability operations. Public-Private Partnerships Like Kiev, the United States continues to refine policy for cybersecurity and critical-infrastructure protection (CIP) to adapt to emerging threats. Critical infrastructure, as defined in Presidential Policy Directive 21, are “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”45 The United States categorizes critical infrastructure into sixteen sectors from energy to transportation. Discussion of CIP, as well as the resulting policy implications and changes, has come to the forefront in the last twenty years. In 2002, DHS assumed a MILITARY REVIEW  March-April 2016 lead role in CIP.46 Even before that, President Bill Clinton’s 1996 Executive Order (EO) 13010 categorized critical infrastructure threats as physical and cyber.47 Nearly two decades later, the 2014 Quadrennial Homeland Security Review emphasized the significant potential destructive effects of cyberthreats to critical infrastructure.48 Need for Government, Military, and Civilian Cooperation in Protection of Cyberspace The centerpiece of effective cybersecurity and CIP is public-private collaboration. In 2013, President Barack Obama’s EO 13636 enhanced cybersecurity for CIP through public-private collaboration and directed the National Institute of Standards and Technology (NIST) to develop “a framework to reduce cyber risks to critical infrastructure.”49 In 2014, NIST released a preliminary framework affirming public-private cooperation in cybersecurity.50 79